Stilgherrian (@stilgherrian)

Wentworth Falls NSW AU

The below is an off-site archive of all tweets posted by @stilgherrian ever

May 28th, 2013

@thomasrdotorg ABC Radio National now has Skype in their studios. I did a live spot from San Francisco. stilgherrian.com/conversations/…

via Janetter for Mac in reply to thomasrdotorg

RT @SnarkyPlatypus: It’s a ménage a trois between , @stilgherrian and the BBC in China. [Oh don’t start…]

via Janetter for Mac

And… we’re clear.

via Janetter for Mac

Cool, the @4corners reporter @AndrewJFowler is on this too. He’s started.

via Janetter for Mac

I’m connected to the @bbcworldservice mothership via Skype. I’m waiting for them to finish Syria. Stream at bbc.co.uk/worldservicera…

via Janetter for Mac

@skwashd Oh I saw the pun, so you’re OK. I’m just a humourless bunt.

via Janetter for Mac in reply to skwashd

@skwashd Oi! Still, I’m not sure who dobbed me in to @bbcworldservice for this program.

via Janetter for Mac in reply to skwashd

@stephhegarty And I’m ready on Skype for a line check whenever you want. :)

via Janetter for Mac in reply to stephhegarty

This @bbcworldservice spot coming up, there’s a hashtag if you want to comment.

via Janetter for Mac

@stephhegarty I can’t DM you (you’re not following?) but all received. Ready and waiting.

via Janetter for Mac

So yes, talking ASIO hack etc on @bbcworldservice @BBC_WHYS at 2045 AEST / 1145 BST, streamed live at bbc.co.uk/worldservicera…

via Janetter for Mac

@snare @bbcworldservice Some Photoshop work may be required…

via Janetter for Mac in reply to snare

@snare @bbcworldservice Hang on, is it still a dart in the face if I use the word “cyber” in quotes to point out why it’s silly?

via Janetter for Mac in reply to snare

@snare @bbcworldservice And rightly so. My stance on the nomenclature is clear.

via Janetter for Mac in reply to snare

BernardKeane twitter is great for angry people to have entire conversations with you that you at no stage participate in

via Echofon (retweeted on 7:17 PM, May 28th, 2013 via Janetter for Mac)

So at 2045 AEST / 1145 GMT I’ll be joining a panel on @bbcworldservice to talk about the ASIO hack thingy. Weird day.

via Janetter for Mac

“Big Data is bovine excrement says Obama’s Big Data man”, writes @ssharwood theregister.co.uk/2013/05/28/big…

via Janetter for Mac

“Huawei: ‘trust us, we are being transparent’”, writes @R_Chirgwin theregister.co.uk/2013/05/28/hua…

via Janetter for Mac

“Ludlam, Brandis clash on privacy in cyber debate”, writes @WatchAdam computerworld.com.au/article/462966…

via Janetter for Mac

“Coalition wants money for ASIO, but Greens want privacy”, writes @mukimu zdnet.com/au/coalition-w…

via Janetter for Mac

“Research for unhackable UAVs could be used for BYOD: NICTA”, writes @mukimu zdnet.com/au/research-fo…

via Janetter for Mac

“Don’t expect vendors to bring up security: Huawei”, writes @alliecoyne. itnews.com.au/News/344760,do…

via Janetter for Mac

Right, time to see what’s been written about , gather my thoughts, and assemble some paragraphs.

via Janetter for Mac

Oh, I should mention that I’ve left  so I can clear my head and write. It’s safe to follow me again now. Kinda.

via Plume for Android

@lomantik Oh yes, few politicians can resist the urge to turn every event into an electoral pitch.

via Plume for Android in reply to lomantik

@MikeCarlton01 True, but @rbersten says it’s already there, under the suit.

via Plume for Android in reply to MikeCarlton01

Brandis: “I have a high confidence in the ability of the Coalition to stem the high flow of irregular maritime arrivals.”

via Janetter for Mac

Me from 2011: “Yet another free pass for Aussie spooks: Do our politicians fear questioning ASIO?” cso.com.au/article/401011…

via Janetter for Mac

“ASIO’s mislaid plans hardly a Chinese cybersecurity attack”, writes @BernardKeane crikey.com.au/2013/05/28/asi…

via Janetter for Mac

Brandis runs thru, oh, what’s this? “The Threat Landscape, Reader’s Digest Edition 2010”. Threats are getting more complex!

via Janetter for Mac

Brandis is now doing an election-year stump speech, (mis)cites numbers from Symantec’s Internet Security Threat Report

via Janetter for Mac

Brandis notes that Australian Cyber Security Centre has no new funding, refers to “already depleted national security budget”

via Janetter for Mac

@GiovanniTorre There is no chant of “Booooooorandis”, but I still think @SenatorLudlam could punch him out for the lulz.

via Janetter for Mac in reply to GiovanniTorre

“Cyber attack on ASIO headquarters”, is what it’s being described as.

via Janetter for Mac

Brandis is running through the usual framing of terrorism as a big threat, and last night’s @4corners.

via Janetter for Mac

@SenatorLudlam Will you be still here for afternoon tea?

via Janetter for Mac in reply to SenatorLudlam

@SenatorLudlam Well, indeed. I’ve just had a long day, and the filler acts before you went on had me browsing gun catalogues.

via Janetter for Mac in reply to SenatorLudlam

“Demand more transparency from us and vendors: Huawei”, writes @mukimu zdnet.com/demand-more-tr…

via Janetter for Mac

@GiovanniTorre The studio audience is most polite. There was simply quiet applause. But we’ll see what happens at the end.

via Janetter for Mac in reply to GiovanniTorre

Brandis: The fear of terrorism has come to overtake the fear of war, but terrorism is not new.

via Janetter for Mac

Brandis: Wishes to focus his remarks on appropriate response to terrorism, and for this room, cyber terrorism.

via Janetter for Mac

Senator Brandis has arrived. A somewhat more formal style, and waffling on about airports and fog.

via Janetter for Mac

Ludlam just referred to the “Telecommunications and surveillance annual report”s. They’re here. ag.gov.au/NationalSecuri…

via Janetter for Mac

Yesterday Ludlam asked PM&C how many agencies have been using s313 requests to block websites. They don’t know.

via Janetter for Mac

I won’t tweet all the details of this speech, since it’s familiar territory, just a few new things.

via Janetter for Mac

Ludlam outlines the scale of warrantless comms metadata requests already, 300k/year. Those articles have last year’s stats.

via Janetter for Mac

This is really Ludlam’s standard intro to the topic. See these from Jan 2012. zdnet.com/aus-becoming-s… zdnet.com/war-on-the-int…

via Janetter for Mac

Ludlam explains criteria for phone intercepts now: suspected of serious crime, names targets, warrant required.

via Janetter for Mac

Ludlam first. He’s suspicious of all talk of “balance” in these matters ‘cos there isn’t one.

via Janetter for Mac

Dear Conference Moderators Everywhere, you do not have to read out everyone’s full bio when there’s a printed program. FFS!

via Janetter for Mac

Finally! @SenatorLudlam vs Senator Brandis on “Balancing Privacy and Civil Liberties in the Age of Cyber Security”

via Janetter for Mac

Pro Tip: Always play Russian Roulette with a revolver, not an automatic.

via Janetter for Mac

And a gun. For every “cyber”, one shot of tequila and one round of 9mm.

via Janetter for Mac

Next time I’m bringing booze and taking a shot every time someone says “cyber”.

via Janetter for Mac

On screen now, the World Economic Forum’s Cyber Risk Framework, found on p13 of this PDF. www3.weforum.org/docs/WEF_IT_Pa…

via Janetter for Mac

@oberonsghost I DON’T WANT A CLEAN HANKY I WANT A GUN AND A COUPLE BOXES OF AMMUNITION.

via Janetter for Mac in reply to oberonsghost

Arronis: Security needs not to be a list of don’ts from the practitioners, but an ongoing discussion about risk.

via Janetter for Mac

Arronis: Overarching objective of security process is to make better risk-based decisions. [We’re going conceptual, folks.]

via Janetter for Mac

Arronis’ theme seems to be consistency in security processes, the hows and whys.

via Janetter for Mac

Arronis has begun by quoting Oscar Wilde and Aldous Huxley. OK then.

via Janetter for Mac

Up now, “Managing Security Across Multiple Organisations” with George Arronis, Head of ICT Security and Risk, Serco.

via Janetter for Mac

For some reason, just now, I find myself browsing the merchandise available here. nighthawkcustom.com

via Janetter for Mac

“A key part of any contract is the service level agreement.” I would like to start crying now. May I start crying?

via Janetter for Mac

“There is a lot of guidance available on the internet for free.”

via Janetter for Mac

@rashasman Please give Skywhale my fond regards.

via Janetter for Mac in reply to rashasman

The time-travel tedium of this presentation is magnified by the fact we’re waiting for @SenatorLudlam vs Senator Brandis.

via Janetter for Mac

@ssharwood We have an official hashtag, and I feel like we’re in… when? 2009?

via Janetter for Mac in reply to ssharwood

“Government hacking attempts ‘standard espionage practice’: Huawei”, writes @j_hutch afr.com/p/national/gov…

via Janetter for Mac

So far this is “Cloud Risks and Mitigations 101”, so I hope it picks up soon.

via Janetter for Mac

@joneaves Will do. My understanding of most things crypto is wobbly. Shortcuts to moderate understanding are needed.

via Janetter for Mac in reply to joneaves

@ApostrophePong @sylmobile I managed to keep my language under control when in The America last week. Week before, sorry.

via Janetter for Mac in reply to ApostrophePong

Praise the lard, Tufek is not going to talk about cloud computing. [Puts down crossbow.]

via Janetter for Mac

Up now, “Mitigating Security Challenges Posed by Cloud Service Adoption” with Wayne Tufek, Uni of Melbourne.

via Janetter for Mac

Change of running order, as Senator Brandis’ plane has been delayed.

via Janetter for Mac

Skipping “A Cyber-Crime Case Study: Using Social Media to Impersonate Brands, Build Trust, and Commit Fraud”, sorry.

via Janetter for Mac

@ApostrophePong Your office clearly needs more Australians.

via Janetter for Mac in reply to ApostrophePong

@rashasman Why are you in Sydney, and what can be done about this?

via Twitter Web Client in reply to rashasman

Half-time warning. I’m tweeting today from CeBIT Cyber Security cebit.com.au/conferences/cy… Filter out to avoid the flood.

via Janetter for Mac

EVEN MOAR about the car-hacking stuff, the academic end. scholar.google.com.au/scholar?cluste… HT @hardy_bm

via Janetter for Mac

@joneaves I think I’ve grokked what you’re saying there. Will certainly be clear about that if I end up writing about this at all.

via Janetter for Mac in reply to joneaves

@OkanovicM Thanks for all your help there, much appreciated. It’s hard to find links while also trying to absorb the presentation.

via Janetter for Mac in reply to __Marijana_

Better link for the car-hacking story. jalopnik.com/5539181/carsha… HT Gerwin Klein via @OkanovicM

via Janetter for Mac

Also have a Red team, for attack and penetration testing and internal audit. Focus on business process hacking.

via Janetter for Mac

Includes cyber defence analysts, using tools like Palantir’s to discover connections etc.

via Janetter for Mac

Stiennon introduces cyber defence team, Lockheed-Martin style, led by Cyber Commander, who’s also law enforcement liaison.

via Janetter for Mac

Stiennon proposes a new job title, as we had CISOs as a new thing. “Cyber Commander”? (Too militaristic for business?)

via Janetter for Mac

How do we survive in the age of weaponised malware? Countering targeted attacks needs a coordinated response.

via Janetter for Mac

That is, the tech-advanced nations selling cyber-arms to mid-ranking nations in exchange for… stuff.

via Janetter for Mac

Stiennon wonders if the cyber-arms industry that seems to be developing will end up like the arms industry?

via Janetter for Mac

More on the NICTA / DARPA high-assurance cyber-military systems work. ssrg.nicta.com.au/projects/TS/SM… HT @OkanovicM

via Janetter for Mac

The hack-car-with-music story Dr Steel told? Here! (Was it actually done?) computer.org/portal/web/com… HT @OkanovicM

via Janetter for Mac

Stiennon counts the Age of Cyberweapons from this article. nytimes.com/2012/06/01/wor… 362 days and counting!

via Janetter for Mac

@joneaves Will clarify when checking the recording.

via Janetter for Mac in reply to joneaves

Stiennon estimates that the MD5 hash collision used by Flame to forge a MSFT cert would’ve cost $250k of Amazon cloud time.

via Janetter for Mac

“Every single certificate authority (CA) is trusted in every single web browser.” [Aren’t there ~500 CAs?]

via Janetter for Mac

Stiennon: “You cannot trust software any more.” The digital signature process is thoroughly corrupted.

via Janetter for Mac

Stiennon’s current slide is headed: “Software updates: the pre-approved backdoor”, ‘cos we just let them in.

via Janetter for Mac

Stiennon dismisses “Why attack me? I have nothing” with a reminder of you being a stepping-stone.

via Janetter for Mac

Stiennon used to strike out cybercrime from that list, until about three years ago. It’s more a timeline than a hierarchy.

via Janetter for Mac

Stiennon’s old hierarchy of threats: exploratory hacking, vandalism, hacktivism, cyber crime, state-sponsored cyber attacks.

via Janetter for Mac

@OkanovicM Cheers. Would also love a reference for her story about an audio file that can take over a car. Sounds… fun. ;)

via Janetter for Mac in reply to __Marijana_

Next up, Richard Stiennon (@cyberwar), Chief Research Analyst, IT Harvest.

via Janetter for Mac

Aim is to do verified software at 2x cost of developing standard software, and they’re “close” to that.

via Janetter for Mac

Steel notes that so much infosec is patching. “We need to be building systems more reliably in the first place.” [Yes!]

via Janetter for Mac

Steel reckons that as tools get faster and they can synthesize software from proven specs, it’ll be the way things are done.

via Janetter for Mac

And they’re working on generating stuff from proven-correct code, e.g. synthesising file systems.

via Janetter for Mac

I can’t summarise this, but they’re doing some architecture that reduces the amount of code that needs formal verification…

via Janetter for Mac

@OkanovicM Is there a good link to the material Dr Steel is presenting now? My computing science background is… gurgling. ;)

via Janetter for Mac in reply to __Marijana_

Why their emphasis on formal verification? Software checking and audit is only 85% effective. Not good enough.

via Janetter for Mac

Yes, those NICTA links were the right ones, confirms @OkanovicM. (Thanks!)

via Janetter for Mac

So, a tune that plays OK, except on a certain car stereo, where it causes a buffer overflow and takes over the car. Done.

via Janetter for Mac

RT @dannolan: change anything on that system and you have to prove it again from first principles [Correct, but they have tools for that.]

via Janetter for Mac

But more importantly, the DARPA work is about… drones!

via Janetter for Mac

Work with DARPA extends this to embedded systems, eventually for things like medical devices, cars, manufacturing systems.

via Janetter for Mac

They’ve since extended their proven-correct software methodology to device drivers etc, traditionally bug-heavy code.

via Janetter for Mac

Currently she’s backgrounding their proved-correct software. ertos.nicta.com.au/research/sel4/ ssrg.nicta.com.au/projects/TS/ [Correct links?]

via Janetter for Mac

Up now, Dr Jodi Steel from NICTA on their work with US Defense Advanced Research Projects Agency (DARPA).

via Janetter for Mac

@craigdeveson Alas no Sydstart for me. Covering a bunch of infosec-related things this week. Break a leg!

via Janetter for Mac in reply to craigdeveson

“DSD’s ‘don’t be stupid’ mitigation strategies still work”, writes @R_Chirgwin theregister.co.uk/2013/05/28/dsd…

via Janetter for Mac

Sorry, Michael Sentonas from McAfee, I had to skip your presentation to look at something else, but I know where to find you.

via Janetter for Mac

Morgan says we have an extreme shortage of penetration testers. The schools are churning out enough. [“Schools”?]

via Janetter for Mac

@pooch02 Again, that’s one data breach, not total pwnage like Nortel. US and EU have mandatory data breach notification laws.

via Janetter for Mac in reply to pooch02

@chrisjrn You’re referring to Aurora? Google weren’t saying they were pwned, but under attack. Nortel was completely pwned globally.

via Janetter for Mac in reply to chrisjrn

Suffolk: We’re all running on fuzzy data… the impact of data breaches isn’t appearing on balance sheets.

via Janetter for Mac

Stiennon: Yes, Nortel. But it took them ten years. [The book “Underground” includes some coverage of that.]

via Janetter for Mac

Q: Has any company ever owned up to their shareholders that their company was totally pwned?

via Janetter for Mac

Morgan predicts in 24-48 months SEC etc will demand cyber security compliance statements, like they demanded Y2K compliance.

via Janetter for Mac

Stiennon: Lockheed-Martin shows a weekly chart to management of ongoing cyber ops against them, how far they’ve got in

via Janetter for Mac

@indigoid Don’t worry, I will ready myself a question for the panel.

via Janetter for Mac in reply to indigoid

Sentonas quotes @4corners, 50 to 60% increase in “cyber intrusions” in Australia in the last 12 months.

via Janetter for Mac

Panel: David Gee, CIO CUA; Suffolk; Richard Stiennon (@cyberwar); Prof Kenneth Morgan, Retired Professor-at-Large, UWA.

via Janetter for Mac

Next up, Security Leaders Panel: New and Emerging Security Threats. Facilitator is Michael Sentonas from McAfee.

via Janetter for Mac

Suffolk says unique malware, tested to be undetected by major vendors, now costs $250 including support. Sounds about right.

via Janetter for Mac

@dfg77 Oh there was commentary about software, firmware etc too.

via Janetter for Mac in reply to dfg77

@SnarkyPlatypus He was formerly the CIO of the UK government. Is that a Cylon?

via Janetter for Mac in reply to SnarkyPlatypus

Just be aware, my Twitter stream is random soundbites, ‘cos I’m making my core notes elsewhere.

via Janetter for Mac

@dannolan Who can tell? They’ve left the building!

via Janetter for Mac in reply to dannolan

@cyberwar I’m one of the rapidly-typing media folk in the second-back row on the left. Will catch you at coffee break.

via Janetter for Mac in reply to cyberwar

On trusting your supply chain, Suffolk notes that 70% of components in Huawei kit are not from China. 32% from US.

via Janetter for Mac

Suffolk: Legal difference between buying zero day exploits and a 225ml tube of toothpaste? Can’t take toothpaste on a plane.

via Janetter for Mac

DSD has left the building. We’re allowed in now. Next up, John Suffolk, Global Cyber Security Officer, Huawei.

via Janetter for Mac

I might go downstairs and annoy @paulwallbank

via Plume for Android

@LozVox I’m thankful it wasn’t. Though I was in a quiet spot before searching.

via Plume for Android in reply to LozVox

@LozVox Hehe. Hey I didn’t know what it was either.

via Plume for Android in reply to LozVox

@ozdj Yes, but the Cyber Security conference has the potential to contain useful bits.

via Plume for Android in reply to ozdj

@LozVox Well I can hardly be held responsible for your actions!

via Plume for Android in reply to LozVox

I’m at CeBIT Cyber Security all day. cebit.com.au/conferences/cy… Filter out  to avoid my… steady stream.

via Plume for Android

So I looked up Femen. Right. I see.

via Plume for Android

@chrisjrn Oh I’ve upset the spooks dozens of times, and praised them dozens of others.

via Plume for Android in reply to chrisjrn

The opening plenary is over at The Star, and sold out, so bugger that.

via Plume for Android

Yep, Hannover Fairs staffer has just politely evicted me from the conference room. DSD requirement.

via Plume for Android

RT @j_hutch: not that it’s a keynote speech at a public conference or anything. [Yeah, it’s a bit silly. But it was standard practice.]

via Janetter for Mac

RT @paulkidd: are they going to make the people who are let in sign secrecy agreements? [I’ll go and ask once I’ve done this radio spot.]

via Janetter for Mac

RT @paulkidd: BUT IT’S 2013 AND EVERYONE IS THE MEDIA [Yes, exactly. I wonder how many covert recordings will be made.]

via Janetter for Mac

Shortly I’ll be talking Labor vs Coalition NBN policies on @radioadelaide at 0745 ACST / 0815 AEST. Audio stream at radio.adelaide.edu.au

via Janetter for Mac

I’ve just been told that the opening keynote at , by the bloke from DSD, is not open to the media.

via Plume for Android

Mobile: Check out; walk to Sydney Exhibition & Convention Centre; find quiet spot for 0815 radio interview; enter the Cave of Doom.

via Janetter for Mac

@R_Chirgwin @diodesign Said epic rant about Android UI was in a podcast, “The 9pm Bus Ride” stilgherrian.com/edict/00023/

via Janetter for Mac in reply to R_Chirgwin

@cjoye Was the second one actually in the FoI doc? I was directed to a specific page by an RBA staffer, didn’t see the other?

via Janetter for Mac in reply to cjoye

Even though I’m kinda being a replacement @liztayau for @iTnews_au today, I told @charispalmer that I refuse to frock up.

via Janetter for Mac

@bengrubb “Heh” was a slight little snicker at ASIO’s “good fortune” in this case, or is it “awesome skills”?

via Janetter for Mac in reply to bengrubb

“Blueprints for new ASIO headquarters ‘stolen’”, wrote @bengrubb yesterday. Orly? Heh! smh.com.au/it-pro/securit…

via Janetter for Mac

“NBN Co to beat its June rollout target”, writes @rycrozier itnews.com.au/News/344524,nb…

via Janetter for Mac

@CeBITAus Oh thanks, Tony. Boy, do you get around!

via Janetter for Mac in reply to CeBITAus

@CeBITAus Is there a separate hashtag for today’s Cyber Security stream, separate from or in addition to the general ?

via Janetter for Mac

I’ll be talking Labor vs Coalition NBN policies on @radioadelaide at 0745 ACST / 0815 AEST. Audio stream at radio.adelaide.edu.au

via Janetter for Mac

@cyberwar Ah, I just saw your name on the program. It looks like we’ll actually meet up today!

via Janetter for Mac in reply to cyberwar

@cjoye Ah, I meant to reply to your email, which did get to me, but I was on other things and then forgot. I’ll be in touch later this week.

via Janetter for Mac in reply to cjoye

@SnarkyPlatypus No, I will be the very picture of tolerance today. I am strong. I am invincible.

via Janetter for Mac in reply to SnarkyPlatypus

Tue plan: 0815 radio spot, phone; 0845-1745 CeBIT Cyber Security cebit.com.au/conferences/cy…; report on same for @iTnews_au; crawl away and die.

via Janetter for Mac

@SnarkyPlatypus Good morning. I think I may regret today. It will be long and boring. And you?

via Janetter for Mac in reply to SnarkyPlatypus

Oh hello, Tuesday.

via Janetter for Mac